diff --git a/agent_based/checkpoint_identity_awareness.py b/agent_based/checkpoint_identity_awareness.py
index f3a96262fd501efdc71ae909d969caf97007ef8c..ae886e8378efa1d32e60c65ad6f38076ce77d5ea 100644
--- a/agent_based/checkpoint_identity_awareness.py
+++ b/agent_based/checkpoint_identity_awareness.py
@@ -12,6 +12,9 @@
 # 2018-03-15: code cleanup, added identity counters 39-44
 # 2020-06-08: changed snmp-scan function
 # 2021-08-25: rewritten for CMK 2.0
+# 2023-0529: moved gui files to ~/local/lib/check_mk/gui/plugins/...
+#
+
 #
 # snmpwalk sample
 #
diff --git a/checkpoint_identity_awareness-0.3.0-20230529.mkp b/checkpoint_identity_awareness-0.3.0-20230529.mkp
new file mode 100644
index 0000000000000000000000000000000000000000..9fbd734c55bd5c4b9a2bd7360e91332b9d322721
Binary files /dev/null and b/checkpoint_identity_awareness-0.3.0-20230529.mkp differ
diff --git a/checkpoint_identity_awareness.mkp b/checkpoint_identity_awareness.mkp
index 4ac8f11742cb3a5c1773c5137c823e068570f2d6..9fbd734c55bd5c4b9a2bd7360e91332b9d322721 100644
Binary files a/checkpoint_identity_awareness.mkp and b/checkpoint_identity_awareness.mkp differ
diff --git a/gui/metrics/checkpoint_ia_adquery.py b/gui/metrics/checkpoint_ia_adquery.py
new file mode 100644
index 0000000000000000000000000000000000000000..19d6c83c8017f21b556354078bd6ab536d5b0149
--- /dev/null
+++ b/gui/metrics/checkpoint_ia_adquery.py
@@ -0,0 +1,58 @@
+#!/usr/bin/env python3
+# -*- coding: utf-8 -*-
+#
+# License: GNU General Public License v2
+#
+# Author: thl-cmk[at]outlook[dot]com
+# URL : https://thl-cmk.hopto.org
+# Date : 2018-03.12
+#
+# Check Point Identity Awareness AD Query metrics plugin
+# checkpoint_ia_query
+#
+
+from cmk.gui.i18n import _
+
+from cmk.gui.plugins.metrics.utils import (
+ metric_info,
+ graph_info,
+ perfometer_info,
+ indexed_color,
+)
+
+_MAX_DCS = 48 # max colors ;-)
+
+metric_info['checkpoint_ia_adquery_events_sum'] = {
+ 'title': _('Events summary'),
+ 'unit': '1/s',
+ 'color': '26/a',
+}
+
+for i in range(1, _MAX_DCS):
+ # generate different colors for each DC.
+ # unfortunately there are only 24 colors on our
+ # color wheel, times two for two shades each, we
+ # can only draw 48 differently colored graphs
+ metric_info[f'checkpoint_ia_adquery_dc_{i}'] = {
+ 'title': _(f'DC{i:02d} Events'),
+ 'unit': '1/s',
+ 'color': indexed_color(i, _MAX_DCS),
+ }
+
+dc_metric = ([(f'checkpoint_ia_adquery_dc_{num:d}', 'stack') for num in range(_MAX_DCS, 0, -1)])
+dc_metric.insert(0, ('checkpoint_ia_adquery_events_sum', 'line'))
+
+graph_info['checkpoint_ia_adquery_dc'] = {
+ 'title': _('Check Point Identity Awareness AD queries'),
+ 'metrics': dc_metric,
+ 'range': (0, None),
+ 'optional_metrics': [f'checkpoint_ia_adquery_dc_{num:d}' for num in range(0, _MAX_DCS + 1)]
+}
+
+perfometer_info.append({
+ 'type': 'linear',
+ 'segments': [
+ 'checkpoint_ia_adquery_events_sum',
+ ],
+ 'total': 100,
+})
diff --git a/gui/metrics/checkpoint_identity_awareness.py b/gui/metrics/checkpoint_identity_awareness.py
new file mode 100644
index 0000000000000000000000000000000000000000..5887fa9d651607bfec3e8ef4bb0db70cb2b2d69e
--- /dev/null
+++ b/gui/metrics/checkpoint_identity_awareness.py
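Review bot: The loop `for i in range(1, _MAX_DCS):` registers `checkpoint_ia_adquery_dc_1` through `checkpoint_ia_adquery_dc_47`, while `dc_metric` in the same file references `_dc_48` down to `_dc_1` and `optional_metrics` lists `_dc_0` through `_dc_48`, so the 48th domain controller is drawn in the graph without a `metric_info` entry of its own. Use `for i in range(1, _MAX_DCS + 1):` and `range(1, _MAX_DCS + 1)` in `optional_metrics` so the three ranges agree; `indexed_color` is imported from elsewhere, so check that it accepts `i == _MAX_DCS`. Separately, `_(f'DC{i:02d} Events')` formats the string before the translation lookup, so it can never match a catalogue entry; `_('DC%02d Events') % i` keeps the message id constant.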
@@ -0,0 +1,279 @@
+#!/usr/bin/env python3
+# -*- coding: utf-8 -*-
+#
+# License: GNU General Public License v2
+#
+# Author: thl-cmk[at]outlook[dot]com
+# URL : https://thl-cmk.hopto.org
+# Date : 2018-01-02
+#
+# Check Point Identity Awareness metrics plugin
+# checkpoint_identity_awareness
+#
+
+from cmk.gui.i18n import _
+
+from cmk.gui.plugins.metrics.utils import (
+ metric_info,
+ graph_info,
+ perfometer_info,
+)
+
+metric_info['checkpoint_identity_awareness_iaSuccUserLoginADQuery'] = {
+ 'title': _('Successfull ADQuery user login attempts'),
+ 'unit': 'count',
+ 'color': '11/a',
+}
+metric_info['checkpoint_identity_awareness_iaSuccMachLoginADQuery'] = {
+ 'title': _('Successfull ADQuery machine login attempts'),
+ 'unit': 'count',
+ 'color': '13/a',
+}
+metric_info['checkpoint_identity_awareness_iaSuccUserLoginKerberos'] = {
+ 'title': _('Successfull Kerberos user login attempts'),
+ 'unit': 'count',
+ 'color': '15/a',
+}
+metric_info['checkpoint_identity_awareness_iaSuccMachLoginKerberos'] = {
+ 'title': _('Successfull Kerberos machine login attempts'),
+ 'unit': 'count',
+ 'color': '21/a',
+}
+metric_info['checkpoint_identity_awareness_iaSuccUserLoginPass'] = {
+ 'title': _('Successfull User Name And Password login attempts'),
+ 'unit': 'count',
+ 'color': '23/a',
+}
+metric_info['checkpoint_identity_awareness_iaUnSuccUserLoginKerberos'] = {
+ 'title': _('Unsuccessfull Kerberos user login attempts'),
+ 'unit': 'count',
+ 'color': '25/a',
+}
+metric_info['checkpoint_identity_awareness_iaUnSuccMachLoginKerberos'] = {
+ 'title': _('Unsuccessfull Kerberos machine login attempts'),
+ 'unit': 'count',
+ 'color': '31/a',
+}
+metric_info['checkpoint_identity_awareness_iaUnSuccUserLoginPass'] = {
+ 'title': _('Unsuccessfull User Name And Password login attempts'),
+ 'unit': 'count',
+ 'color': '43/a',
+}
+
+metric_info['checkpoint_identity_awareness_iaSuccUserLDAP'] = {
+ 'title': _('Successful LDAP queries'),
+ 'unit': '1/s',
+ 'color': '11/b',
+}
+metric_info['checkpoint_identity_awareness_iaUnSuccUserLDAP'] = {
+ 'title': _('Unsuccessful LDAP queries'),
+ 'unit': '1/s',
+ 'color': '21/b',
+}
+
+metric_info['checkpoint_identity_awareness_iaAuthUsers'] = {
+ 'title': _('Authenticated users to the gateway'),
+ 'unit': 'count',
+ 'color': '12/a',
+}
+metric_info['checkpoint_identity_awareness_iaAuthUsersADQuery'] = {
+ 'title': _('Authenticated users by ADQuery'),
+ 'unit': 'count',
+ 'color': '14/a',
+}
+metric_info['checkpoint_identity_awareness_iaAuthMachADQuery'] = {
+ 'title': _('Authenticated machines by ADQuery'),
+ 'unit': 'count',
+ 'color': '16/a',
+}
+metric_info['checkpoint_identity_awareness_iaAuthUsersKerberos'] = {
+ 'title': _('Authenticated users by Kerberos'),
+ 'unit': 'count',
+ 'color': '22/a',
+}
+metric_info['checkpoint_identity_awareness_iaAuthMachKerberos'] = {
+ 'title': _('Authenticated machines by Kerberos'),
+ 'unit': 'count',
+ 'color': '24/a',
+}
+metric_info['checkpoint_identity_awareness_iaAuthUsersPass'] = {
+ 'title': _('Authenticated users by User name and password'),
+ 'unit': 'count',
+ 'color': '26/a',
+}
+metric_info['checkpoint_identity_awareness_iaUnAuthUsers'] = {
+ 'title': _('Unauthenticated guests'),
+ 'unit': 'count',
+ 'color': '32/a',
+}
+
+metric_info['checkpoint_identity_awareness_iaLoggedInADQuery'] = {
+ 'title': _('Identities logged in with ADQuery'),
+ 'unit': 'count',
+ 'color': '12/a',
+}
+metric_info['checkpoint_identity_awareness_iaLoggedInAgent'] = {
+ 'title': _('Identities logged in with agents'),
+ 'unit': 'count',
+ 'color': '14/a',
+}
+metric_info['checkpoint_identity_awareness_iaLoggedInCaptivePortal'] = {
+ 'title': _('Identities logged in with Captive Portal'),
+ 'unit': 'count',
+ 'color': '16/a',
+}
+metric_info['checkpoint_identity_awareness_iaRADIUSAccounting'] = {
+ 'title': _('Identities logged in with RADIUS Accounting'),
+ 'unit': 'count',
+ 'color': '22/a',
+}
+metric_info['checkpoint_identity_awareness_iaIdentityCollectorActiveDirectory'] = {
+ 'title': _('Identities logged in with Identity Collector Active Directory'),
+ 'unit': 'count',
+ 'color': '24/a',
+}
+metric_info['checkpoint_identity_awareness_iaIdentityCollectorCiscoISE'] = {
+ 'title': _('Identities logged in with Identity Collector Cisco ISE'),
+ 'unit': 'count',
+ 'color': '26/a',
+}
+metric_info['checkpoint_identity_awareness_iaTerminalServer'] = {
+ 'title': _('Identities logged in with terminal server'),
+ 'unit': 'count',
+ 'color': '32/a',
+}
+metric_info['checkpoint_identity_awareness_iaRemoteAccess'] = {
+ 'title': _('Identities logged in with Remote Access'),
+ 'unit': 'count',
+ 'color': '34/a',
+}
+metric_info['checkpoint_identity_awareness_iaIdentityWebAPI'] = {
+ 'title': _('Identities logged in with Identity Web API'),
+ 'unit': 'count',
+ 'color': '36/a',
+}
+
+metric_info['checkpoint_identity_awareness_iaAntiSpoffProtection'] = {
+ 'title': _('Users with an active Traffic Anti-Spoffing protection'),
+ 'unit': 'count',
+ 'color': '11/a',
+}
+
+metric_info['checkpoint_identity_awareness_iaDataTrans'] = {
+ 'title': _('How much data did gateway transmitted'),
+ 'unit': 'count',
+ 'color': '42/a',
+}
+
+graph_info['checkpoint_identity_awareness_login_attempts'] = {
+ 'title': _('Check Point Identity Awareness login attempts'),
+ 'metrics': [
+ ('checkpoint_identity_awareness_iaUnSuccUserLoginPass', '-stack'),
+ ('checkpoint_identity_awareness_iaUnSuccMachLoginKerberos', '-stack'),
+ ('checkpoint_identity_awareness_iaUnSuccUserLoginKerberos', '-stack'),
+ ('checkpoint_identity_awareness_iaSuccUserLoginPass', 'stack'),
+ ('checkpoint_identity_awareness_iaSuccMachLoginKerberos', 'stack'),
+ ('checkpoint_identity_awareness_iaSuccUserLoginKerberos', 'stack'),
+ ('checkpoint_identity_awareness_iaSuccMachLoginADQuery', 'stack'),
+ ('checkpoint_identity_awareness_iaSuccUserLoginADQuery', 'stack'),
+ ],
+ 'optional_metrics': [
+ 'checkpoint_identity_awareness_iaUnSuccUserLoginPass',
+ 'checkpoint_identity_awareness_iaUnSuccMachLoginKerberos',
+ 'checkpoint_identity_awareness_iaUnSuccUserLoginKerberos',
+ 'checkpoint_identity_awareness_iaSuccUserLoginPass',
+ 'checkpoint_identity_awareness_iaSuccMachLoginKerberos',
+ 'checkpoint_identity_awareness_iaSuccUserLoginKerberos',
+ 'checkpoint_identity_awareness_iaSuccMachLoginADQuery',
+ 'checkpoint_identity_awareness_iaSuccUserLoginADQuery',
+ ],
+}
+
+graph_info['checkpoint_identity_awareness_ldap_queries'] = {
+ 'title': _('Check Point Identity Awareness LDAP queries'),
+ 'metrics': [
+ ('checkpoint_identity_awareness_iaUnSuccUserLDAP', '-area'),
+ ('checkpoint_identity_awareness_iaSuccUserLDAP', 'area'),
+ ],
+ 'optional_metrics': [
+ 'checkpoint_identity_awareness_iaUnSuccUserLDAP',
+ 'checkpoint_identity_awareness_iaSuccUserLDAP',
+ ]
+}
+
+graph_info['checkpoint_identity_awareness_auth_user_machine'] = {
+ 'title': _('Check Point Identity Awareness authenticated/unauthenticated users/machines'),
+ 'metrics': [
+ ('checkpoint_identity_awareness_iaUnAuthUsers', 'stack'),
+ ('checkpoint_identity_awareness_iaAuthUsersPass', 'stack'),
+ ('checkpoint_identity_awareness_iaAuthMachKerberos', 'stack'),
+ ('checkpoint_identity_awareness_iaAuthMachADQuery', '-stack'),
+ ('checkpoint_identity_awareness_iaAuthUsersKerberos', '-stack'),
+ ('checkpoint_identity_awareness_iaAuthUsersADQuery', 'stack'),
+ ('checkpoint_identity_awareness_iaAuthUsers', 'line'),
+ ],
+ 'optional_metrics': [
+ 'checkpoint_identity_awareness_iaUnAuthUsers',
+ 'checkpoint_identity_awareness_iaAuthUsersPass',
+ 'checkpoint_identity_awareness_iaAuthMachKerberos',
+ 'checkpoint_identity_awareness_iaAuthMachADQuery',
+ 'checkpoint_identity_awareness_iaAuthUsersKerberos',
+ 'checkpoint_identity_awareness_iaAuthUsersADQuery',
+ 'checkpoint_identity_awareness_iaAuthUsers',
+ ]
+}
+
+graph_info['checkpoint_identity_awareness_loggid_in_users'] = {
+ 'title': _('Check Point Identity Awareness logged in users with'),
+ 'metrics': [
+ ('checkpoint_identity_awareness_iaLoggedInCaptivePortal', 'stack'),
+ ('checkpoint_identity_awareness_iaRADIUSAccounting', 'stack'),
+ ('checkpoint_identity_awareness_iaIdentityWebAPI', 'stack'),
+ ('checkpoint_identity_awareness_iaIdentityCollectorActiveDirectory', 'stack'),
+ ('checkpoint_identity_awareness_iaIdentityCollectorCiscoISE', 'stack'),
+ ('checkpoint_identity_awareness_iaRemoteAccess', 'stack'),
+ ('checkpoint_identity_awareness_iaTerminalServer', 'stack'),
+ ('checkpoint_identity_awareness_iaLoggedInAgent', 'stack'),
+ ('checkpoint_identity_awareness_iaLoggedInADQuery', 'stack'),
+ ],
+ 'optional_metrics': [
+ 'checkpoint_identity_awareness_iaLoggedInCaptivePortal',
+ 'checkpoint_identity_awareness_iaRADIUSAccounting',
+ 'checkpoint_identity_awareness_iaIdentityWebAPI',
+ 'checkpoint_identity_awareness_iaIdentityCollectorActiveDirectory',
+ 'checkpoint_identity_awareness_iaIdentityCollectorCiscoISE',
+ 'checkpoint_identity_awareness_iaRemoteAccess',
+ 'checkpoint_identity_awareness_iaTerminalServer',
+ 'checkpoint_identity_awareness_iaLoggedInAgent',
+ 'checkpoint_identity_awareness_iaLoggedInADQuery',
+ ],
+}
+
+# graph_info.append({
+# 'title': _('Check Point Identity Awareness users with an active Traffic Anti-Spoffing protection'),
+# 'metrics': [
+# ('checkpoint_identity_awareness_iaAntiSpoffProtection', 'area'),
+# ],
+# })
+
+# graph_info.append({
+# 'title': _('Check Point Identity Awareness How much data did the gateway transmitted'),
+# 'metrics': [
+# ('checkpoint_identity_awareness_iaDataTrans', 'area'),
+# ],
+# })
+
+perfometer_info.append(('stacked', [
+ {
+ 'type': 'logarithmic',
+ 'metric': 'checkpoint_identity_awareness_iaAuthUsers',
+ 'half_value': 2000.0,
+ 'exponent': 2,
+ },
+ {
+ 'type': 'logarithmic',
+ 'metric': 'checkpoint_identity_awareness_iaUnAuthUsers',
+ 'half_value': 2000.0,
+ 'exponent': 2,
+ },
+]))
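Review bot: In the `checkpoint_identity_awareness_auth_user_machine` graph the stacking direction is mixed without an apparent reason: `iaAuthMachADQuery` and `iaAuthUsersKerberos` are `'-stack'`, while the other authenticated series and `iaUnAuthUsers` are `'stack'`. The login-attempts and LDAP graphs in this file put only the unsuccessful series on the negative side, which keeps failed authentication readable at a glance; here unauthenticated guests end up stacked together with authenticated identities. If the same convention is intended, `('checkpoint_identity_awareness_iaUnAuthUsers', '-stack'),` with every `iaAuth*` series as `'stack'` would match it. The titles also carry spelling errors (`Successfull`, `Unsuccessfull`, `Anti-Spoffing`) that will be visible in the GUI.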
diff --git a/gui/wato/checkpoint_identity_awareness.py b/gui/wato/checkpoint_identity_awareness.py
new file mode 100644
index 0000000000000000000000000000000000000000..099b8332da82c51dcc337beb14abcc664e956e63
--- /dev/null
+++ b/gui/wato/checkpoint_identity_awareness.py
@@ -0,0 +1,87 @@
+#!/usr/bin/env python3
+# -*- coding: utf-8 -*-
+#
+# License: GNU General Public License v2
+#
+# Author: thl-cmk[at]outlook[dot]com
+# URL : https://thl-cmk.hopto.org
+# Date: 2017-12-20
+#
+# Check_MK checkpoint_identity_awareness WATO plugin
+#
+# 2022-11-29: fixed CheckParameterRulespecWithoutItem
+# (from CheckParameterRulespecWithItem) THX to jblaak[at]gmail[dot]com
+#
+
+from cmk.gui.i18n import _
+from cmk.gui.valuespec import (
+ Dictionary,
+ ListChoice,
+)
+
+from cmk.gui.plugins.wato.utils import (
+ rulespec_registry,
+ RulespecGroupCheckParametersNetworking,
+ CheckParameterRulespecWithoutItem
+)
+
+_ignorecounters = [
+ # ('iaAuthUsers', 'Authenticated users and machines'), # will be used in perf-o-meter
+ ('iaAuthUsersPass', 'Authenticated users by name and password'),
+ ('iaAuthUsersADQuery', 'Authenticated users by ADQuery'),
+ ('iaAuthUsersKerberos', 'Authenticated users by Kerberos'),
+ ('iaAuthMachKerberos', 'Authenticated machines by Kerberos'),
+ ('iaAuthMachADQuery', 'Authenticated machines by ADQuery'),
+ # ('iaUnAuthUsers', 'Unauthenticated guests'), # will be used in perf-o-meter
+ ('iaLoggedInAgent', 'Logged in users with agents'),
+ ('iaLoggedInCaptivePortal', 'Logged in users with Captive Portal'),
+ ('iaLoggedInADQuery', 'Logged in users with ADQuery'),
+
+ ('iaRADIUSAccounting', 'Identities logged in with RADIUS Accounting'),
+ ('iaIdentityCollectorActiveDirectory', 'Identities logged in with Identity Collector Active Directory'),
+ ('iaIdentityCollectorCiscoISE', 'Identities logged in with Identity Collector Cisco ISE'),
+ ('iaTerminalServer', 'Identities logged in with terminal server'),
+ ('iaRemoteAccess', 'Identities logged in with Remote Access'),
+ ('iaIdentityWebAPI', 'Identities logged in with Identity Web API'),
+
+ ('iaSuccUserLoginPass', 'Successfull login attempts users by name and password'),
+ ('iaSuccUserLoginKerberos', 'Successfull login attempts users by Kerberos'),
+ ('iaSuccUserLoginADQuery', 'Successfull login attempts users by ADQuery'),
+ ('iaSuccMachLoginKerberos', 'Successfull login attempts machines by Kerberos'),
+ ('iaSuccMachLoginADQuery', 'Successfull login attempts machines by ADQuery'),
+ ('iaUnSuccUserLoginPass', 'Unsuccessfull login attempts users by name and password'),
+ ('iaUnSuccUserLoginKerberos', 'Unsuccessfull login attempts users by Kerberos'),
+ ('iaUnSuccMachLoginKerberos', 'Unsuccessfull login attempts machines by Kerberos'),
+ ('iaSuccUserLDAP', 'LDAP queries successfull'),
+ ('iaUnSuccUserLDAP', 'LDAP queries unsuccessfull'),
+ ('iaAntiSpoffProtection', 'Users with an active Traffic Anti-Spoffing protection'),
+ ('iaDataTrans', 'How much data did the gateway transmitted'),
+]
+
+
+def _parameter_valuespec_checkpoint_identity_awareness():
+ return Dictionary(
+ title=_('Check Point Identity Awareness status'),
+ elements=[
+ (
+ 'ignore_counters',
+ ListChoice(
+ title=_('list of counters to ignore'),
+ help=_('Counters to remove from performance data.'),
+ choices=_ignorecounters,
+ default_value=[],
+ )
+ ),
+ ],
+ )
+
+
+rulespec_registry.register(
+ CheckParameterRulespecWithoutItem(
+ check_group_name='checkpoint_identity_awareness',
+ group=RulespecGroupCheckParametersNetworking,
+ # match_type='dict',
+ parameter_valuespec=_parameter_valuespec_checkpoint_identity_awareness,
+ title=lambda: _('Check Point Identity Awareness'),
+ )
+)
diff --git a/packages/checkpoint_identity_awareness b/packages/checkpoint_identity_awareness
index 84a8e3de9d4d71ee564e1c80a93639af71eadf38..478f1197bd1b45129726c902035ea0388bb25692 100644
--- a/packages/checkpoint_identity_awareness
+++ b/packages/checkpoint_identity_awareness
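Review bot: The `ignore_counters` help text, `help=_('Counters to remove from performance data.')`, does not tell the operator what is lost, although `_ignorecounters` offers the failed-authentication counters (`iaUnSuccUserLoginPass`, `iaUnSuccUserLoginKerberos`, `iaUnSuccMachLoginKerberos`, `iaUnSuccUserLDAP`) as choices. I would extend it to something like `help=_('Selected counters are dropped from the performance data and no longer appear in graphs or history. Ignoring the unsuccessful login/LDAP counters removes the failed-authentication trend for this gateway.')`. How the check consumes `ignore_counters` is outside this diff, so confirm the wording against the agent_based plugin. The choice labels in `_ignorecounters` are also plain strings, not wrapped in `_()` like the other titles in this file, so they will not be translated.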
@@ -5,13 +5,12 @@
 'download_url': 'https://thl-cmk.hopto.org',
 'files': {'agent_based': ['checkpoint_ia_adquery.py',
 'checkpoint_identity_awareness.py'],
- 'web': ['plugins/wato/checkpoint_identity_awareness.py',
- 'plugins/metrics/checkpoint_identity_awareness.py',
- 'plugins/metrics/checkpoint_ia_adquery.py']},
+ 'gui': ['metrics/checkpoint_identity_awareness.py',
+ 'wato/checkpoint_identity_awareness.py',
+ 'metrics/checkpoint_ia_adquery.py']},
 'name': 'checkpoint_identity_awareness',
- 'num_files': 5,
 'title': 'Check Point Identity Awareness checks',
- 'version': '20221130.v.0.2a',
- 'version.min_required': '2.0.0',
- 'version.packaged': '2021.09.20',
+ 'version': '0.3.0-20230529',
+ 'version.min_required': '2.1.0b1',
+ 'version.packaged': '2.1.0p21',
 'version.usable_until': None}
\ No newline at end of file